commit c03694938ed0b9510d1d6b04d0e650dc64d14074 Author: Nick Mathewson nickm@torproject.org Date: Thu May 28 12:30:25 2015 -0400

Fix a bug when we fail to read a cert from a file.

Found by coverity -- CID 1301366. --- src/or/routerkeys.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 556ab45..7b7a6d0 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -142,26 +142,24 @@ ed_key_init_from_file(const char *fname, uint32_t flags, cert = tor_cert_parse(certbuf, cert_body_len);

/* If we got it, check it to the extent we can. */ - if (cert) { - int bad_cert = 0; - - if (! cert) { - tor_log(severity, LD_OR, "Cert was unparseable"); - bad_cert = 1; - } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey, - ED25519_PUBKEY_LEN)) { - tor_log(severity, LD_OR, "Cert was for wrong key"); - bad_cert = 1; - } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && - (signing_key || cert->cert_expired)) { - tor_log(severity, LD_OR, "Can't check certificate"); - bad_cert = 1; - } + int bad_cert = 0; + + if (! cert) { + tor_log(severity, LD_OR, "Cert was unparseable"); + bad_cert = 1; + } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey, + ED25519_PUBKEY_LEN)) { + tor_log(severity, LD_OR, "Cert was for wrong key"); + bad_cert = 1; + } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && + (signing_key || cert->cert_expired)) { + tor_log(severity, LD_OR, "Can't check certificate"); + bad_cert = 1; + }

- if (bad_cert) { - tor_cert_free(cert); - cert = NULL; - } + if (bad_cert) { + tor_cert_free(cert); + cert = NULL; }

/* If we got a cert, we're done. */